ANATOMY of a DATA BREACH DISASTER. Avoiding a Cyber Catastrophe. June, Sponsored by:

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "ANATOMY of a DATA BREACH DISASTER. Avoiding a Cyber Catastrophe. June, 2011. Sponsored by:"

Transcription

1 ANATOMY of a DATA BREACH DISASTER Avoiding a Cyber Catastrophe June, 2011 Sponsored by:

2 ANATOMY of a DATA BREACH DISASTER Avoiding a Cyber Catastrophe An Advisen Special Report Sponsored by Chartis Security incidents in which information is released to or accessed by unauthorized individuals, known as data breaches, are occurring with alarming frequency. A data protection research firm estimates that nearly 90 percent of U.S. organizations have experienced at least one data breach over the twelve month period spanning 2009 through Even if a breach does not result in serious damage to an organization or its customers, data breach notification laws in 46 states may nonetheless require disclosure. This requirement may then set into motion an elaborate chain of potentially expensive activities including notifying affected individuals, providing credit monitoring services, and undertaking damage control measures to protect the organization s reputation. Catastrophic and potentially ruinous breaches are becoming more common. What may begin as an investigation into a seemingly manageable security problem sometimes mushrooms into a disaster, with skyrocketing notification, monitoring, remediation and reputational damage costs, as well as fines, and penalties. Such a breach has the potential for tens, or even hundreds, of millions of dollars in litigation and related costs. Additionally, a data breach may lead to lost business, especially for companies where the bond of trust with clients is a key component to doing business. The three most expensive data breaches known to date are: A credit card processing company had more than 130 million digital records stolen from its database. Cyber criminals employed software that compromised credit card data which crossed the company s network. The company incurred expenses of nearly $150 million, of which approximately three quarters was related to settlement of claims, with the remainder attributable to investigating and defending various claims 2 Avoiding a Cyber Catastrophe Advisen Ltd. Sponsored by:

3 and actions, remedial actions, and crisis management services. The company continues to face numerous consumer and financial institution putative class action suits. Companies can take practical steps to limit their exposure to potentially catastrophic data breaches. A major clothing and home goods retailer experienced an intrusion into its computer systems that process and store customer transactions including credit card, debit card, check, and merchandise return transactions. Information pertaining to more than 45 million credit and debit cards was stolen. Through fiscal year 2010, the company had incurred expenses of more than $170 million for claims and costs related to the intrusion. In 2005, criminals pretending to be legitimate customers of a data broker acquired personal information of more than 160,000 individuals listed in the company s database. As of 2008, the company had recorded more than $33 million in expenses related to the incident. Companies can take practical steps to limit their exposure to data breaches. Increasingly, data security is recognized as not exclusively an IT Department concern, but a risk management function that extends throughout the organization. However, despite the most effective controls, data breaches may occur and companies need to be prepared to deal with them quickly and effectively. Rapid action following a breach will not only help reduce financial losses, it may also prevent damage to a company s reputation. Additionally, to mitigate the risk posed by a data breach, companies need to realistically assess their exposure and purchase appropriate limits of insurance coverage. The Costs of Large Data Breaches Research has shown that data breach costs tend to be linear: the more records compromised, the greater the costs. Expenses associated with a large data breach include: Detection, escalation, notification, and response; Lost business; Fines and penalties; Restitution; Lost productivity; Additional security and audit requirements; and Miscellaneous additional costs. Detection, escalation, notification, and response. A sophisticated attack by a hacker may take months to uncover, after which, the full extent of the damage may not be known for several additional months. Once a breach is discovered, affected parties must be notified 3 Avoiding a Cyber Catastrophe Advisen Ltd. Sponsored by:

4 and steps must be taken to mitigate the damage. Repairing a breach can be expensive and may involve hiring a forensic expert to discover the source of an intrusion. Discovery, notification, and response costs following a breach have been estimated by Forrester Research to average about $50 per record. 2 Certain types of organizations are more vulnerable to reputational risk and consequently lost business as a result of a data breach Lost business. Business can be lost both as a result of customer attrition as well as difficulty in attracting new customers. Lost business is the largest component of the average data breach loss, comprising 63 percent of the total loss, according to the Ponemon Institute, LLC, a data security research firm. 3 Certain types of organizations are more vulnerable to reputational risk and consequently lost business as a result of a data breach. Companies in the financial service and healthcare sectors, where trust and security are cornerstones of the business relationship, are especially vulnerable to damaged reputations as a result of a data breach. Fines and penalties. Fines and penalties can come from a number of sources. Various federal and state privacy laws impose significant fines for violations. The Health Insurance Portability and Accountability Act (HIPAA), for example, calls for penalties of up to $50,000 per violation of its privacy provisions. The enforcement of many federal data security and privacy laws falls to the Federal Trade Commission (FTC). For example, the data broker described above paid $10 million to the FTC to settle charges that its security and record-handling procedures violated consumers privacy rights and various federal laws, including the Fair Credit Reporting Act. The major credit card brands also levy potentially significant fines for violations of their security standards. These companies are members of the Payment Card Industry Security Standard Council, which has created a security standard known as the Payment Card Industry Data Security Standard (PCI DSS). Compliance with this standard forms part of the agreement signed by merchants who accept members credit or debit cards. Restitution. Individuals and businesses that claim to have been damaged as a result of a data breach often seek restitution. However, the claimants success in litigating these types of cases is far from certain. For instance, a Massachusetts Supreme Court decision, rejected most of the standard legal theories used by banks to attempt to recover card reissuance costs. However, legislation has been passed in three states, Washington, Nevada, and Minnesota, which now explicitly holds organizations responsible to financial institutions for certain costs arising from payment card information breaches. Under the Washington legislation, businesses that process more than 6 million credit or debit card transactions annually, and which fail to reasonably safeguard card information, may be required to reimburse financial 4 Avoiding a Cyber Catastrophe Advisen Ltd. Sponsored by:

5 institutions for costs related to the reissuance of cards as well as attorneys fees in the event of a payment card security breach. Individuals whose personal information is stolen sometimes sue the company subject to the breach, typically via class action lawsuits. Settlement amounts in such cases can be very high. As a result of the incident described above involving the credit card processing company, the company agreed to a settlement whereby consumers were able to make claims for out-of-pocket expenses related to card cancellations or replacements, as well as up to $10,000 if their identity had been stolen as a result of the breach. This breach involved more than 130 million records. In many instances, however, legal experts note that courts commonly reject data breach claims brought by persons who did not suffer any meaningful injury. Merely having one s personal information lost or stolen typically is not sufficient the plaintiff must have actually suffered a loss in order to be awarded damages. Companies experiencing a data breach may deem it necessary to implement enhanced monitoring and auditing protocols Companies experiencing data breaches that result in a material impact on share price may also be targeted for securities class action lawsuits. As a result of the breach, the data broker was sued by shareholders who alleged that the company violated federal securities laws by issuing false or misleading information in connection with the fraudulent data access. Without admitting liability, the company agreed to a $10 million settlement. Lost productivity. While difficult to quantify, lost productivity can be a very real cost of a data breach. Depending on the nature of the breach, IT personnel may be pulled off of other projects to identify the source of a breach and fix it. Employees will be tasked with identifying affected businesses and individuals, notifying them, and responding to questions. Lawyers will often spend a significant amount of time working with regulators and law enforcement agencies. Senior management s time is perhaps the most significant area of loss productivity following a large breach: an event that threatens the reputation of a company can become nearly all-consuming for a significant period of time. Additional audit and security requirements. Companies experiencing a data breach may deem it necessary to implement enhanced monitoring and auditing protocols. The FTC and other regulatory agencies may require heightened security measures and audits as conditions of a settlement. A shoe retailer, for example, agreed as part of a settlement with the FTC concerning a 2005 breach to maintain a comprehensive information security program, and to undergo a bi-annual assessment of that program by an independent auditor. If credit card information is lost a forensic audit at the company s expense most likely will be required by PCI DSS, and subsequent additional audits may be necessary. 5 Avoiding a Cyber Catastrophe Advisen Ltd. Sponsored by:

6 Miscellaneous additional costs. Additional costs arising from a data breach can include attorney fees, consultant fees, and various settlement costs. As a result of a 2007 data breach, a check authorization company, for example, agreed to donate $125,000 to the Florida attorney general s Seniors vs. Crime Program for educational, investigative, and crime prevention programs and to also pay $850,000 for the state s investigative costs in settlement of the lawsuit brought by the attorney general s office. The makings of a data breach disaster Sometimes a data breach spirals out of control, and ultimately can cost a company tens of millions even hundreds of millions of dollars Consulting firm Forrester Research estimates that the average cost of a U.S. data breach involving sensitive data is $14 million. 4 According to Forrester, the costs of a data breach vary widely, ranging from $90 to $305 per customer record. The differences in cost depend on whether the breach is low-profile or high-profile and whether the company is in a nonregulated or regulated area, such as banking. Sometimes a data breach spirals out of control, and ultimately can cost a company tens of millions even hundreds of millions of dollars. The most expensive breaches have common factors: Credit Information; A large number of records; Criminal intent; Delayed discovery; and Lack of compliance. Credit information. A breach compromising medical records, for example, may violate HIPAA privacy requirements and cause distress to those affected, but the actual monetary damages are usually comparatively small. The loss of banking or credit-related information, on the other hand, can be disastrous. Most of the largest breaches involve credit card records. Companies handling credit card information, both vendors and credit card processing companies, are enticing targets for criminals because they often handle a large number of transactions and, despite rigid credit card security standards, sometimes employ security and control measures that can be compromised. Credit card brand managers have been aggressive in pursuing restitution following large breaches. For example, the clothing and home goods retailer previously described, paid about $65 million in settlements with two of the largest credit card brands to help credit card 6 Avoiding a Cyber Catastrophe Advisen Ltd. Sponsored by:

7 issuers such as banks recover costs related to the breach. Breaches involving credit cards also may be subject to large penalties for non-compliance with security standards. In most large data security incidents, the victim was not in compliance with PCI DSS, or with various privacy and security laws A large number of records. Within a given category of record credit card records versus medical records, for example the size of the loss tends to be more-or-less linear: the more records involved, the greater the ultimate loss. Historically, the largest losses have typically involved millions of records. There are, however, notable exceptions. The incident concerning the data broker involved 163,000 records, but ranks among the most costly of all times. Nearly one-third of the reported losses were the result of penalties levied by the Federal Trade Commission. Criminal intent. While a significant number of data breach incidents result from accidents, such as lost laptops and internal errors, the most costly data security incidents have resulted from criminals specifically targeting companies. One hacker, Albert Gonzalez, and two associates were implicated in three of the largest data breach incidents. Gonzalez and his associates also allegedly compromised cards at a number of major retailers. According to The 2010 Verizon Data Breach Investigations Report, produced by Verizon in collaboration with the U.S. Secret Service, organized crime was responsible for 85 percent of all stolen data in the incidents they investigated in Delayed discovery. According to the Verizon study organizations remain sluggish in detecting and responding to incidents. Most breaches are discovered by external parties and only then after a considerable amount of time. 6 The breach at the credit card processing company occurred over a period of 14 months. Intruders spent nearly six months attempting to access the company s processing network, bypassing different anti-virus packages it used. The company took notice only after being notified by credit card companies of suspicious transactions. A large breach at a grocery chain occurred over roughly a four month period, and the breach at the clothing and home goods retailer took place over approximately five months. When discovery is not immediate, criminals continue to accumulate records and to make use of the stolen credit card information typically selling it to others. Lack of compliance. In most large data security incidents, the victim was not in compliance with PCI DSS, or with various privacy and security laws. The data broker, for example, paid $10 million to the FTC to settle charges that its security and record-handling procedures violated consumers privacy rights and federal laws such as the Fair Credit Reporting Act. Documents filed by banks suing in regard to the matter concerning the clothing and home goods retailer allege that the company was not in compliance with most of the security controls mandated by PCI DSS when the breach occurred. 7 Avoiding a Cyber Catastrophe Advisen Ltd. Sponsored by:

8 Avoiding a data breach disaster There is no way to guarantee that a company will not fall victim to clever and determined hackers. Criminals tend to look for weaker victims, however, and they are likely to look elsewhere if they encounter a well-fortified system. The Verizon study notes that most breaches could have been avoided without difficult or expensive controls. Verizon recommends seven basic steps for improved security: Eliminate unnecessary data; keep tabs on what s left; Ensure essential controls are met; Check the above again; Test and review web applications; Audit user accounts and monitor privileged activity; Filter outbound traffic; and Monitor and mine event logs. 7 Companies increasingly recognize that risk management practices alone are not sufficient protection. Despite best efforts at data security, things can go wrong, and sometimes, horribly wrong. Being prepared to move quickly and effectively following the discovery of a breach is often essential to keeping a problem from escalating. Companies almost always fare better when following a well-conceived plan rather than scrambling to respond after a data breach has occurred. Some post-breach activities are prescribed by law. Notification laws require businesses, nonprofit organizations, and state institutions to notify consumers when personal information may have been compromised, lost or stolen. Forty-six states, D.C., Puerto Rico, and the U.S.Virgin Islands have enacted such consumer notification laws. For any loss of sensitive records, once a breach has been discovered and the appropriate people within the organization have been notified, an effective response typically includes the following steps: Identify and fix the cause of the breach. The timing and method of the fix will depend upon the nature of the breach (e.g., a system is hacked versus implementing more robust laptop security protocols); Notify law enforcement officials; Notify critical vendors and business partners; 8 Avoiding a Cyber Catastrophe Advisen Ltd. Sponsored by:

9 Notify the cyber liability insurer and activate coverages for remediation or damage control activities, including hiring a damage control specialist or a public relations firm; Notify regulatory agencies (e.g., Department of Health and Humans Services for a health information breach), if required; Notify data loss subjects; Notify other stakeholders such as investors; and I mplement activities such as credit report monitoring services to mitigate potential future harm. Quickly and effectively communicating with customers and other stakeholders is an important step to mitigating damage. Working within the requirements of the applicable laws, senior management should make informed strategic decisions about when and how notification takes place. According to the Ponemon Institute, notifying customers too quickly, that is, before all of the facts are known, may result in larger losses. Data breach insurance coverage While robust data security can help avoid breaches, and emergency preparedness can lead to an effective response should one happen, insurance coverage remains essential. Coverage of data breaches under traditional Commercial General Liability and various types of Errors & Omissions policies is available, but most likely for limited circumstances. The insurance industry has responded in recent years to the exposures presented by data breaches by introducing cyber liability policies tailored especially to computer-related risks. In addition to coverage related to data security, most cyber liability policies cover other risks associated with conducting business digitally. Data breach coverage typically is provided in three parts: first-party; third-party; and coverage for related issues. First-party coverage is for direct losses incurred by the insured as a result of a data breach, such as recovering lost and destroyed data, forensic investigation expenses, business interruption losses, and extortion demands. First-party coverage may also include notification costs, credit monitoring services, call center services, and expenses for emergency public relations services. For these first party coverages, many carriers apply sublimits that can substantially decrease the available coverage. Third-party coverage insures policyholders against liability to entities such as customers, credit card companies, and banks. Coverage extends to both defense costs and damages 9 Avoiding a Cyber Catastrophe Advisen Ltd. Sponsored by:

10 in civil lawsuits. Policy forms are typically divided into two sections as respects third-party coverage: privacy and network security. Because technology changes rapidly, insurance buyers should routinely check their policy forms to ensure that their coverage and limits are appropriate for their exposure. In the nottoo-distant past, coverage varied widely from insurer to insurer, and most insurers offered only modest policy limits. More recently, as coverages have become more standardized and the exposures better understood, primary limits have increased and an excess cyber liability market has emerged, permitting companies to readily access tens of millions of dollars of capacity. Coverage is generally broader today than it was a few years ago, but insurance buyers and their brokers nonetheless need to carefully review policy terms to understand the full extent of coverage. n Annual Study: U.S. Enterprise Encryption Trends, Poneman Institute, LLC, sponsored by Symantec, November 2010, p Larry Dignan, What that data breach will really cost you, ZDNet, May 8, blog/btl/what-that-data-breach-willreally-cost-you/ Annual Study: U.S. Cost of a Data Breach, Ponemon Institute, LLC, sponsored by Symantec, March 2011, p Forrester Research, Calculating the Cost of a Security Breach, cited in Sharon Gaudin, Security Breaches Cost $90 To $305 Per Lost Record, InformationWeek, April 11, 2007, com/news/security/showarticle. jhtml?articleid= The 2010 Verizon Data Breach Investigations Report, Verizon Risk Team in collaboration with the U.S. Secret Service, p The 2010 Verizon Data Breach Investigations Report, Verizon Risk Team in collaboration with the U.S. Secret Service, p Verizon, p. 3. ABOUT CHARTIS Chartis is a world leading property-casualty and general insurance organization serving more than 70 million clients around the world. With one of the industry s most extensive ranges of products and services, deep claims expertise and excellent financial strength, Chartis enables its commercial and personal insurance clients alike to manage virtually any risk with confidence. Chartis is the marketing name for the worldwide property-casualty and general insurance operations of Chartis Inc. For additional information, please visit our website at All products are written by insurance company subsidiaries or affiliates of Chartis Inc. Coverage may not be available in all jurisdictions and is subject to actual policy language. Non-insurance products and services may be provided by independent third parties. Certain coverage may be provided by a surplus lines insurer. Surplus lines insurers do not generally participate in state guaranty funds and insureds are therefore not protected by such funds. ABOUT ADVISEN Advisen s data, analytics and news offerings are game-changers for 100,000 commercial P&C professionals. For Underwriters, Reinsurers, Brokers and Risk Managers, the resources of Advisen provide productivity and insight into underwriting, marketing, broking and purchasing commercial insurance. Configurable applications allow Advisen to customize each solution and/or craft special offline delivery, too. Our result is a measurable increase in your book of business and more favorable insurance transactions. Visit us at or contact to learn more. 10 Avoiding a Cyber Catastrophe Advisen Ltd. Sponsored by:

11 11 Avoiding a Cyber Catastrophe Advisen Ltd. Sponsored by:

Data Breach Cost. Risks, costs and mitigation strategies for data breaches

Data Breach Cost. Risks, costs and mitigation strategies for data breaches Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,

More information

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the

More information

Data security: A growing liability threat

Data security: A growing liability threat Data security: A growing liability threat Data security breaches occur with alarming frequency in today s technology-laden world. Even a comparatively moderate breach can cost a company millions of dollars

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies

More information

CYBER & PRIVACY LIABILITY INSURANCE GUIDE

CYBER & PRIVACY LIABILITY INSURANCE GUIDE CYBER & PRIVACY LIABILITY INSURANCE GUIDE 01110000 01110010 011010010111011001100001 01100 01110000 01110010 011010010111011001100001 0110 Author Gamelah Palagonia, Founder CIPM, CIPT, CIPP/US, CIPP/G,

More information

Cyber-insurance: Understanding Your Risks

Cyber-insurance: Understanding Your Risks Cyber-insurance: Understanding Your Risks Cyber-insurance represents a complete paradigm shift. The assessment of real risks becomes a critical part of the analysis. This article will seek to provide some

More information

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind Page1 Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind The use of electronic medical records (EMRs) to maintain patient information is encouraged today and

More information

Privacy Legislation and Industry Security Standards

Privacy Legislation and Industry Security Standards Privacy Legislation and Issue No. 3 01010101 01010101 01010101 Information is generated about and collected from individuals at an unprecedented rate in the ordinary course of business. In most cases,

More information

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Are you exposed to CyberRisk? Like nearly every other business, you have likely capitalized on the advancements in technology today

More information

Joe A. Ramirez Catherine Crane

Joe A. Ramirez Catherine Crane RIMS/RMAFP PRESENTATION Joe A. Ramirez Catherine Crane RISK TRANSFER VIA INSURANCE Most Common Method Involves Assessment of Risk and Loss Potential Risk of Loss Transferred For a Premium Insurance Contract

More information

Data Breach and Senior Living Communities May 29, 2015

Data Breach and Senior Living Communities May 29, 2015 Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs

More information

Cyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor

Cyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor Cyber Risks Management Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor 1 Contents Corporate Assets Data Breach Costs Time from Earliest Evidence of Compromise to Discovery of Compromise The Data Protection

More information

HCCA Compliance Institute 2013 Privacy & Security

HCCA Compliance Institute 2013 Privacy & Security HCCA Compliance Institute 2013 Privacy & Security 704 Conducting a Privacy Risk Assessment A Practical Guide to the Performance, Evaluation and Response April 23, 2013 Presented By Eric Dieterich Session

More information

Discussion on Network Security & Privacy Liability Exposures and Insurance

Discussion on Network Security & Privacy Liability Exposures and Insurance Discussion on Network Security & Privacy Liability Exposures and Insurance Presented By: Kevin Violette Errors & Omissions Senior Broker, R.T. Specialty, LLC February, 25 2014 HFMA Washington-Alaska Chapter

More information

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in

More information

Privacy / Network Security Liability Insurance Discussion. January 30, 2013. Kevin Violette RT ProExec

Privacy / Network Security Liability Insurance Discussion. January 30, 2013. Kevin Violette RT ProExec Privacy / Network Security Liability Insurance Discussion January 30, 2013 Kevin Violette RT ProExec 1 Irrefutable Laws of Information Security 1) Information wants to be free People want to talk, post,

More information

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become

More information

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you

More information

Cyber Insurance Presentation

Cyber Insurance Presentation Cyber Insurance Presentation Presentation Outline Introduction General overview of Insurance About us Cyber loss statistics Cyber Insurance product coverage Loss examples Q & A About Us A- Rated reinsurance

More information

cyber invasions cyber risk insurance AFP Exchange

cyber invasions cyber risk insurance AFP Exchange Cyber Risk With cyber invasions now a common place occurrence, insurance coverage isn t found in your liability policy. So many different types of computer invasions exist, but there is cyber risk insurance

More information

Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer?

Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Minnesota Society for Healthcare Risk Management September 22, 2011 Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Melissa Krasnow, Partner, Dorsey & Whitney, and Certified Information

More information

Payment Card Industry Data Security Standards

Payment Card Industry Data Security Standards Payment Card Industry Data Security Standards January 19, 2011 Marc S. Reisler, Holland & Knight Copyright 2011 Holland & Knight LLP All Rights Reserved Data Breaches Remain a Serious Concern PCI Standards

More information

ACE Advantage PRIVACY & NETWORK SECURITY

ACE Advantage PRIVACY & NETWORK SECURITY ACE Advantage PRIVACY & NETWORK SECURITY SUPPLEMENTAL APPLICATION COMPLETE THIS APPLICATION ONLY IF REQUESTING COVERAGE FOR PRIVACY LIABILITY AND/OR NETWORK SECURITY LIABILITY COVERAGE. Please submit with

More information

Understanding Professional Liability Insurance

Understanding Professional Liability Insurance Understanding Professional Liability Insurance Definition Professional liability is more commonly known as errors & omissions (E&O) and is a form of liability insurance that helps protect professional

More information

2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security

2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security 2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security Commissioned by ID Experts November 2009 INTRODUCTION Healthcare breaches are on the rise; according to the 2009

More information

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures

More information

Cyber Exposure for Credit Unions

Cyber Exposure for Credit Unions Cyber Exposure for Credit Unions What it is and how to protect yourself L O C K T O N 2 0 1 2 www.lockton.com Add Cyber Title Exposure Here Overview #1 financial risk for Credit Unions Average cost of

More information

CYBER BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIM & LEGAL GROUP

CYBER BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIM & LEGAL GROUP www.willis.com CYBER BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIM & LEGAL GROUP INSIDE THIS EDITION... CYBER CLAIMS LANDSCAPE A SAMPLING OF LARGE CYBER SETTLEMENTS LEGAL SPOTLIGHT, PRIVILEGE

More information

Managing Cyber & Privacy Risks

Managing Cyber & Privacy Risks Managing Cyber & Privacy Risks NAATP Conference 2013 NSM Insurance Group Sean Conaboy Rich Willetts SEAN CONABOY INSURANCE BROKER NSM INSURANCE GROUP o Sean has been with NSM Insurance Group for the past

More information

INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES

INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES NOTICE: INSURING AGREEMENTS I.A., I.C. AND I.D. OF THIS POLICY PROVIDE COVERAGE ON A CLAIMS MADE AND REPORTED BASIS AND APPLY ONLY

More information

Network Security and Data Privacy Insurance for Physician Groups

Network Security and Data Privacy Insurance for Physician Groups Network Security and Data Privacy Insurance for Physician Groups February 2014 Lockton Companies While exposure to medical malpractice remains a principal risk MIKE EGAN, CPCU Senior Vice President Unit

More information

Anatomy of a Hotel Breach

Anatomy of a Hotel Breach Page 1 of 6 Anatomy of a Hotel Breach Written by Sandy B. Garfinkel Monday, 09 June 2014 15:22 Like 0 Tweet 0 0 Data breach incidents have dominated the news in 2014, and they are only becoming more frequent

More information

Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for?

Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Authored by Neeraj Sahni and Tim Stapleton Neeraj Sahni is Director, Insurance Channel at Kroll Cyber Investigations

More information

ISO? ISO? ISO? LTD ISO?

ISO? ISO? ISO? LTD ISO? Property NetProtect 360 SM and NetProtect Essential SM Which one is right for your client? Do your clients Use e-mail? Rely on networks, computers and electronic data to conduct business? Browse the Internet

More information

Cyber-Crime Protection

Cyber-Crime Protection Cyber-Crime Protection A program of cyber-crime prevention, data breach remedies and data risk liability insurance for houses of worship, camps, schools, denominational/association offices and senior living

More information

INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE. I. GENERAL INFORMATION Full Name:

INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE. I. GENERAL INFORMATION Full Name: INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE NOTICE: COVERAGE UNDER THIS POLICY IS PROVIDED ON A CLAIMS MADE AND REPORTED BASIS AND APPLIES ONLY TO CLAIMS FIRST MADE

More information

What would you do if your agency had a data breach?

What would you do if your agency had a data breach? What would you do if your agency had a data breach? 80% of businesses fail to recover from a breach because they do not know this answer. Responding to a breach is a complicated process that requires the

More information

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Cybersecurity Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Setting expectations Are you susceptible to a data breach? October 7, 2014 Setting expectations Victim Perpetrator

More information

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION October 23, 2015 THREAT ENVIRONMENT Growing incentive for insiders to abuse access to sensitive data for financial gain Disgruntled current and former

More information

CYBER LIABILITY AND PRIVACY CRISIS MANAGEMENT EXPENSE APPLICATION

CYBER LIABILITY AND PRIVACY CRISIS MANAGEMENT EXPENSE APPLICATION CYBER LIABILITY AND PRIVACY CRISIS MANAGEMENT EXPENSE APPLICATION THIS APPLICATION IS FOR A FIRST DISCOVERY POLICY. COVERAGE IS FOR EVENTS FIRST DISCOVERED DURING THE "POLICY PERIOD" OR ANY APPLICABLE

More information

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT

DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security

More information

Specialty Risk Protector

Specialty Risk Protector Specialty Professional Liability and Data and Network Security Insurance is a single policy that makes it easy for companies to secure the multi-faceted E&O protection our networked world requires. A simplified,

More information

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system

More information

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide by Christopher Wolf Directors, Privacy and Information Management Practice Hogan Lovells US LLP christopher.wolf@hoganlovells.com

More information

Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec

Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Jeremy Ong Divisional Vice-President Great American Insurance Company November 13, 2010 1 Agenda Overview of data breach statistics

More information

Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices

Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices Over the course of this one hour presentation, panelists will cover the following subject areas, providing answers

More information

Enterprise PrivaProtector 9.0

Enterprise PrivaProtector 9.0 IRONSHORE INSURANCE COMPANIES 75 Federal St Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING FOR A CLAIMS

More information

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches

More information

INFORMATION SECURITY & PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY APPLICATION

INFORMATION SECURITY & PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY APPLICATION INFORMATION SECURITY & PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY APPLICATION NOTICE: COVERAGE UNDER THIS POLICY IS PROVIDED ON A CLAIMS MADE AND REPORTED BASIS AND APPLIES ONLY TO CLAIMS FIRST

More information

Cyber and data Policy wording

Cyber and data Policy wording Please read the schedule to see whether Breach costs, Cyber business interruption, Hacker damage, Cyber extortion, Privacy protection or Media liability are covered by this section. The General terms and

More information

Law Firm Cyber Security & Compliance Risks

Law Firm Cyber Security & Compliance Risks ALA WEBINAR Law Firm Cyber Security & Compliance Risks James Harrison CEO, INVISUS Breach Risks & Trends 27.5% increase in breaches in 2014 (ITRC) Over 500 million personal records lost or stolen in 2014

More information

CyberSecurity for Law Firms

CyberSecurity for Law Firms CyberSecurity for Law Firms Cracking the Cyber Code: Recent Headlines, Reinforcing the Need and Response Planning July 16, 2013 Making the Case Matthew Magner Senior Underwriting Officer Chubb & Son, a

More information

Cyber Liability. AlaHA Annual Meeting 2013

Cyber Liability. AlaHA Annual Meeting 2013 Cyber Liability AlaHA Annual Meeting 2013 Disclaimer We are not providing legal advise. This Presentation is a broad overview of health care cyber loss exposures, the process in the event of loss and coverages

More information

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :

More information

Cyber Liability & Data Breach Insurance Claims

Cyber Liability & Data Breach Insurance Claims Cyber Liability & Data Breach Insurance Claims A Study of Actual Payouts for Covered Data Breaches Mark Greisiger President NetDiligence June 2011 Last year, privacy breaches ran about 1-2 per week. This

More information

IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411

IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411 IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING

More information

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.

More information

Lawyers Professional Liability Claims Trends: 2014

Lawyers Professional Liability Claims Trends: 2014 Lawyers Professional Liability Claims Trends: 2014 Introduction & Overview Malpractice suits against lawyers have become increasingly common in today s legal environment. The potential for severe financial

More information

Be Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance

Be Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance Be Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance Today s agenda Introductions Cyber exposure overview Cyber insurance market and coverages Captive cyber insurance

More information

PrivateEdge Plus: Market-leading management and professional liability coverage package for private companies.

PrivateEdge Plus: Market-leading management and professional liability coverage package for private companies. PrivateEdge Plus: Market-leading management and professional liability coverage package for private companies. PrivateEdge Plus PrivateEdge Plus is a flexible insurance package that allows private companies

More information

CYBER SECURITY SPECIALREPORT

CYBER SECURITY SPECIALREPORT CYBER SECURITY SPECIALREPORT 32 The RMA Journal February 2015 Copyright 2015 by RMA INSURANCE IS AN IMPORTANT TOOL IN CYBER RISK MITIGATION Shutterstock, Inc. The time to prepare for a potential cyber

More information

Preventing And Dealing With Cyber Attacks And Data Breaches. Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014

Preventing And Dealing With Cyber Attacks And Data Breaches. Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014 Preventing And Dealing With Cyber Attacks And Data Breaches Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014 Charles A. Blanchard Arnold & Porter LLP Formerly General Counsel, U.S. Air Force

More information

Privacy and Data Breach Protection Modular application form

Privacy and Data Breach Protection Modular application form Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while

More information

Cyber/ Network Security. FINEX Global

Cyber/ Network Security. FINEX Global Cyber/ Network Security FINEX Global ABOUT US >> We are one of the largest insurance brokers in the world >> We have over 180 years of history and experience in insurance; we currently operate in over

More information

Zurich Security And Privacy Protection Policy Application

Zurich Security And Privacy Protection Policy Application Zurich Security And Privacy Protection Policy Application COVERAGE A. AND COVERAGE F. OF THE POLICY FOR WHICH YOU ARE APPLYING IS WRITTEN ON A CLAIMS FIRST MADE AND REPORTED BASIS. ONLY CLAIMS FIRST MADE

More information

Coverage is subject to a Deductible

Coverage is subject to a Deductible Frank Cowan Company Limited 75 Main Street North, Princeton, ON N0J 1V0 Phone: 519-458-4331 Fax: 519-458-4366 Toll Free: 1-800-265-4000 www.frankcowan.com CYBER RISK INSURANCE DETAILED APPLICATION Notes:

More information

Cyber/Information Security Insurance. Pros / Cons and Facts to Consider

Cyber/Information Security Insurance. Pros / Cons and Facts to Consider 1 Cyber/Information Security Insurance Pros / Cons and Facts to Consider 2 Presenters Calvin Rhodes, Georgia Chief Information Officer Ron Baldwin, Montana Chief Information Officer Ted Kobus, Partner

More information

Privacy Insurance. Avoiding the HMO Experience. cyber. More Differences. By Toby Merrill

Privacy Insurance. Avoiding the HMO Experience. cyber. More Differences. By Toby Merrill Privacy Insurance Avoiding the HMO Experience By Toby Merrill Privacy, as it relates to an individual s personally identifiable information, such as Social Security numbers, credit card and healthcare

More information

Cyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029

Cyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029 Cyber Liability Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029 Today s Agenda What is Cyber Liability? What are the exposures? Reality of a

More information

CYBER RISK SECURITY, NETWORK & PRIVACY

CYBER RISK SECURITY, NETWORK & PRIVACY CYBER RISK SECURITY, NETWORK & PRIVACY CYBER SECURITY, NETWORK & PRIVACY In the ever-evolving technological landscape in which we live, our lives are dominated by technology. The development and widespread

More information

Cyber Risks in Italian market

Cyber Risks in Italian market Cyber Risks in Italian market Milano, 01.10.2014 Forum Ri&Assicurativo Gianmarco Capannini Agenda 1 Cyber Risk - USA 2 Cyber Risk Europe experience trends Market size and trends Market size and trends

More information

Insuring Innovation. CyberFirst Coverage for Technology Companies

Insuring Innovation. CyberFirst Coverage for Technology Companies Insuring Innovation. CyberFirst for Technology Companies TECHNOLOGY IS EVERYWHERE. SO ARE THE THREATS. protection that goes well beyond a traditional general liability policy. CyberFirst CyberFirst is

More information

Products Liability: Putting a Product on the U.S. Market. Natalia R. Medley Crowell & Moring LLP 14 November 2012

Products Liability: Putting a Product on the U.S. Market. Natalia R. Medley Crowell & Moring LLP 14 November 2012 Products Liability: Putting a Product on the U.S. Market Natalia R. Medley Crowell & Moring LLP 14 November 2012 Overview Regulation of Products» Federal agencies» State laws Product Liability Lawsuits»

More information

APPLICATION FOR TECHNOLOGY & PRIVACY PROFESSIONAL LIABILITY

APPLICATION FOR TECHNOLOGY & PRIVACY PROFESSIONAL LIABILITY APPLICATION FOR TECHNOLOGY & PRIVACY PROFESSIONAL LIABILITY GENERAL INFORMATION 1. APPLICANT NAME: 2. PHONE: 3. MAILING ADDRESS: 4. WEB ADDRESS: 5. The following officer of the Applicant is designated

More information

How to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised

How to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised ACE USA Podcast Released June 24, 2010 How to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised Moderator: Richard Tallo Senior Vice President, ACE North America Marketing

More information

Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks

Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks Thank you for joining us. We have a great many participants in today s call. Your phone is currently

More information

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President

More information

Insurance for Data Breaches in the Hospitality Industry

Insurance for Data Breaches in the Hospitality Industry The Academy of Hospitality Industry Attorneys The Pl Palmer House Hilton Chicago, IL April 25, 2014 Insurance for Data Breaches in the Hospitality Industry Presenters: David P. Bender, Jr. dbender@andersonkill.com

More information

PROFESSIONAL RISK PRIVACY CLAIMS SCENARIOS

PROFESSIONAL RISK PRIVACY CLAIMS SCENARIOS PROFESSIONAL RISK PRIVACY CLAIMS SCENARIOS The following claim scenarios are hypothetical and are offered solely to illustrate the types of situations that may result in claims. Although sorted by industry,

More information

AlienVault for Regulatory Compliance

AlienVault for Regulatory Compliance AlienVault for Regulatory Compliance Overview of Regulatory Compliance in Information Security As computers and networks have become more important in society they and the information they contain have

More information

APPLICATION FOR AN INFORMATION SECURITY PROTECTION POLICY

APPLICATION FOR AN INFORMATION SECURITY PROTECTION POLICY APPLICATION FOR AN INFORMATION SECURITY PROTECTION POLICY E-COMMERCE EC AP 01 05 10 The liability insuring agreements of this policy provide claims-made coverage. Under the liability sections, if elected,

More information

YOUR TRUSTED PARTNER IN A DIGITAL AGE. A guide to Hiscox Cyber and Data Insurance

YOUR TRUSTED PARTNER IN A DIGITAL AGE. A guide to Hiscox Cyber and Data Insurance YOUR TRUSTED PARTNER IN A DIGITAL AGE A guide to Hiscox Cyber and Data Insurance 2 THE CYBER AND DATA RISK TO YOUR BUSINESS This digital guide will help you find out more about the potential cyber and

More information

CYBER LIABILITY & INFORMATION SECURITY

CYBER LIABILITY & INFORMATION SECURITY MAIN: 919.926.4623 TOLL-FREE: 855.490.2528 WEBSITE: www.sentinelra.com CYBER LIABILITY & INFORMATION SECURITY In today's world, terms such as data breach and cyber liability are not new. With each year,

More information

Cyber Insurance as one element of the Cyber risk management strategy

Cyber Insurance as one element of the Cyber risk management strategy Cyber Insurance as one element of the Cyber risk management strategy Stéphane Hurtaud Partner Governance, Risk & Compliance Thierry Flamand Partner Insurance Leader Laurent de la Vaissière Director Governance,

More information

Need for Cyberliability Insurance Continues to Grow

Need for Cyberliability Insurance Continues to Grow Need for Cyberliability Insurance Continues to Grow 14 benefits magazine may 2015 MAGAZINE Reproduced with permission from Benefits Magazine, Volume 52, No. 5, May 2015, pages 14-19, published by the International

More information

DATA BREACH COVERAGE

DATA BREACH COVERAGE THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000

More information

PCI Compliance for Healthcare

PCI Compliance for Healthcare PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?

More information

Practical Cyber Law: Why the Standard of Care Requires Lawyers to Have a Basic Understanding of Cyber Insurance

Practical Cyber Law: Why the Standard of Care Requires Lawyers to Have a Basic Understanding of Cyber Insurance Practical Cyber Law: Why the Standard of Care Requires Lawyers to Have a Basic Understanding of Cyber Insurance By Shawn Tuma & Katti Smith Data breaches have become far more common than most people realize.

More information

PCI-DSS: A Step-by-Step Payment Card Security Approach. Amy Mushahwar & Mason Weisz

PCI-DSS: A Step-by-Step Payment Card Security Approach. Amy Mushahwar & Mason Weisz PCI-DSS: A Step-by-Step Payment Card Security Approach Amy Mushahwar & Mason Weisz The PCI-DSS in a Nutshell It mandates security processes for handling, processing, storing and transmitting payment card

More information

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the

More information

Understanding the Business Risk

Understanding the Business Risk AAPA Cybersecurity Seminar Andaz Savannah Hotel March 11, 2015 10:30 am Noon Understanding the Business Risk Presenter: Joshua Gold, Esq. (212) 278-1886 jgold@andersonkill.com Disclaimer The views expressed

More information

The Liability of Technology Companies for Data Breaches

The Liability of Technology Companies for Data Breaches The Liability of Technology Companies for Data Breaches Suits against technology companies sparked by breaches of customer data are relatively uncommon today, but they are likely to mushroom in the coming

More information

CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY. October 2014. Sponsored by:

CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY. October 2014. Sponsored by: CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY October 2014 CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY Global reinsurer PartnerRe collaborated with Advisen to conduct a comprehensive market survey

More information

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Nikos Georgopoulos Privacy Liability & Data Breach Management wwww.privacyrisksadvisors.com October 2014

More information

Medical Information Breaches: Are Your Records Safe?

Medical Information Breaches: Are Your Records Safe? Medical Information Breaches: Are Your Records Safe? Learning Objectives At the conclusion of this presentation the learner will be able to: Recognize the growing risk of data breaches Assess the potential

More information

White Paper September 2013 By Peer1 and CompliancePoint www.peer1.com. PCI DSS Compliance Clarity Out of Complexity

White Paper September 2013 By Peer1 and CompliancePoint www.peer1.com. PCI DSS Compliance Clarity Out of Complexity White Paper September 2013 By Peer1 and CompliancePoint www.peer1.com PCI DSS Compliance Clarity Out of Complexity Table of Contents Introduction 1 Businesses are losing customer data 1 Customers are learning

More information

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015 Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission June 25, 2015 1 Your Panelists Kenneth L. Chernof Partner, Litigation, Arnold & Porter LLP Nicholas

More information

Written Testimony of Michael Menapace. Sen. Jerry Moran, Sen. Blumenthal, and other members of the Subcommittee -

Written Testimony of Michael Menapace. Sen. Jerry Moran, Sen. Blumenthal, and other members of the Subcommittee - Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security Hearing entitled Examining the Evolving Cyber Insurance Marketplace. Thursday, March 19, 2015 Written Testimony of Michael

More information